Practices
Sectors
Country Groups
Find a Lawyer

Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.

Find out more

My Tamimi App

Our knowledge, experience, and expertise are now available on the go.

My Tamimi App, a convenient new tool for anyone with an interest in the legal sector, from law students to General Counsel.

Find out more

The leading law firm in the Middle East and North Africa region.

A complete spectrum of legal services across jurisdictions in the Middle East and North Africa.

Today's news and tomorrow's trends from around the region.

17 offices across the Middle East and North Africa.

Cancel
Find out more

Our Firm Back

Our Services Back

Our Knowledge Back

Our Offices Back

Published: May 16, 2021

The Data Protection Authority issues draft decisions with respect to the Personal Data Protection Law

The Data Protection Authority (currently the Ministry of Justice, Islamic Affairs and Waqf) (“Authority”) has recently issued three (3) draft decisions for consultation (“Draft Decision(s)”), pursuant to certain articles in the Personal Data Protection Law (Law No. 30 of 2018) (“PDPL”) stipulating the issuance of executive regulations. The Authority confirmed that it is currently accepting feedback on the Draft Decisions and will continue to do so until the end of June 2021. Feedback can be sent to the following e-mail address: dp-team@moj.gov.bh.

We have set out below some important highlights of the Draft Decisions.

 

Draft Decision No. 1: The Data Subjects’ Rights

Articles 17 – 24 of the PDPL provide data subjects with certain rights (including but not limited to the right to be notified of (or to object to) processing and the right to withdraw consent.

The Draft Decision on data subjects’ rights further emphasises and clearly sets out the data subjects rights as provided for under the PDPL. Most importantly, the draft decision lists the different circumstances whereby consent of the data subject will be required prior to processing personal data, as well as the conditions for valid consent and the procedures for its withdrawal.

 

Draft Decision No. 2: The Duties of the Data Protection Guardian

This Draft Decision makes clear that Data Protection Guardians must be enrolled in a register to be established by the Authority. The Draft Decision sets out: (i) the eligibility criteria to be registered as a Data Protection Guardian with the Authority, and (ii) the procedures to be followed for registering as Data Protection Guardians (e.g. the supporting documents for the application to the Authority).

 

Draft Decision No. 3: The Conditions to be Met in the Technical and Organisational Measures

The PDPL obliges data controllers to implement appropriate technical and organisational measures to guarantee the protection of personal data.

This Draft Decision sets out obligations on data controllers to adopt policies and procedures with the aim of ensuring the secure and safe processing of personal data. These include (but are not limited to): (i) the appointment of a ‘Data Protection Officer’ within the organisation who will have certain duties and responsibilities as prescribed under the Draft Decision, (ii) performing a Data Protection Impact Assessment for any new products/services offered by the organisation to assess their impact on personal data; and (iii) developing internal privacy policies.

Most importantly, the PDPL will finally set out the procedures to be followed by data controllers/processors upon a data breach under this Draft Decision.

 

How we can help

As the leading law firm in the Middle East & North Africa region and with a reputable and dedicated regional data privacy practice, Al Tamimi & Company is well placed to assess the impact of the PDPL on your organisation.

Key Contacts

Foutoun Hajjar

Partner, Head of Office - Bahrain

f.hajjar@tamimi.com
Andrew Fawcett

Senior Counsel

a.fawcett@tamimi.com

Related Insights

banner-02
Kafka is a Thing of the Past: Modernisation of the Courts of the Kingdom of Bahrain

by Noor Al Rayes / Foutoun Hajjar

banner-02
Kuwait’s Communication and Information Technology Regulator issues Data Protection Regulation for Service Providers
banner-02
Pushing the boundaries of the possible: the growth of AI in the UAE

by Martin Hayward

banner-02
Focal point Africa

by Thomas R. Snider

banner-02
Why mediate in Bahrain?

by Noor Al Rayes

banner-02
DIFC DP Law: data subject rights

by Charlotte Sutcliffe

back Chat with us

Disclaimer: This chat service should not be relied upon as a substitute for professional advice which takes account of your specific circumstances and any changes in the law and practice. No warranty is made as to the accuracy or completeness of the information provided via this service and no liability is accepted by Al Tamimi & Company Limited, its affiliates, partners or employees for any loss arising as a result of reliance upon the information provided.

I Agree   

Kindly accept the disclaimer to proceed to a live chat.

Please choose one of the following options below:

Thank you for your inquiry. We will connect you to one of our agents now.

Thank you. Which service are you looking for?

Thank you for your interest in working with Al Tamimi & Company. Please click here to view our latest job openings.

Please click here leave a message and we will get back to you shortly.

Chat